HOWTO: reverse proxy with nginx and ssl with certbot

Let's assume that you want to obtain an SSL certificate with certbot for your subdomain, subdomain.domain.com
(replace it with the desired subdomain).

Prerequisites: nginx

First, edit the reverse-proxy configuration file

/etc/nginx/sites-enabled/reverse-proxy

and add the following new server block:

server {
    listen 80;
    server_name subdomain.domain.com;
}

Run certbot and follow the instructions:

sudo certbot --nginx

To set up the reverse proxy, add the following location block to the "server" block that certbot has just created.
Change PORT and subdomain.domain.com accordingly.

server {
    server_name subdomain.domain.com;

    location / {
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        Host              $http_host;
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:PORT;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Restart nginx:

systemctl restart nginx
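
A check for the finished server block, added here as an example and not part of the original HOWTO: it confirms that the file has the TLS listener, the Let's Encrypt certificate for the right name, a loopback proxy_pass with PORT filled in, and the X-Forwarded-Proto header. The function names audit_vhost and has_directive and the sample port 8080 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: line-based audit of a vhost file.
# Checks are file-wide, so keep one HTTPS server block per audited file.

# has_directive CONF REGEX: true if an uncommented line matches REGEX
has_directive() { sed 's/#.*//' "$1" | grep -Eq "$2"; }

# audit_vhost CONF DOMAIN: prints one line per problem, returns the problem count
audit_vhost() {
    conf=$1; domain=$2; problems=0; s='[[:space:]]'
    esc=$(printf '%s' "$domain" | sed 's/\./\\./g')   # escape dots for the regexes
    fail() { echo "$conf: $1"; problems=$((problems + 1)); }
    has_directive "$conf" "^$s*server_name$s+([^;]*$s)?${esc}($s|;)" ||
        fail "server_name $domain not found"
    has_directive "$conf" "^$s*listen$s+([^;]*:)?443$s+ssl" ||
        fail "no 'listen 443 ssl' (certbot has not configured TLS yet)"
    has_directive "$conf" "^$s*ssl_certificate$s+/etc/letsencrypt/live/${esc}/fullchain\.pem$s*;" ||
        fail "ssl_certificate is not the Let's Encrypt chain for $domain"
    has_directive "$conf" "^$s*proxy_pass$s+http://(127\.0\.0\.1|localhost|\[::1\]):[0-9]+" ||
        fail "proxy_pass is not a loopback address with a numeric port"
    has_directive "$conf" "^$s*proxy_set_header$s+X-Forwarded-Proto$s+"'\$scheme' ||
        fail "X-Forwarded-Proto is not passed to the backend"
    return "$problems"
}

# Constructed sample files: the finished vhost and the step-one state.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.conf" <<'EOF'
server {
    server_name subdomain.domain.com;
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
}
EOF
cat > "$tmp/bad.conf" <<'EOF'
server {
    listen 80;
    server_name subdomain.domain.com;
    location / {
        proxy_pass http://127.0.0.1:PORT;
    }
}
EOF
audit_vhost "$tmp/good.conf" subdomain.domain.com && echo "good.conf: ok"
audit_vhost "$tmp/bad.conf" subdomain.domain.com || echo "bad.conf: $? problem(s)"
```

Point it at /etc/nginx/sites-enabled/reverse-proxy, then run `sudo nginx -t` before the restart so that a syntax error does not stop nginx from coming back up.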
